AWS WAF is expanding the availability of its enhanced rate-based rules feature to customers in the following AWS Regions: Asia Pacific (Hyderabad), Australia (Melbourne), Israel (Tel Aviv), and Asia Pacific (Malaysia). This feature supports additional request parameters for rate-based rules, including cookies and other HTTP headers. Additionally, customers can now create composite keys based on up to 5 request parameters, providing more granular options for managing and securing web application traffic.
Customers could already use WAF rate-based rules to automatically block requests from IP addresses that make large numbers of requests within a short period of time until the rate of requests falls below a customer-defined threshold. Now, WAF customers can aggregate requests by combining IP addresses with other request parameters (“keys”). Supported keys include cookies and other request headers, query strings or query arguments, cookies, label namespaces, and HTTP methods. By combining multiple request parameters into a single composite key, customers can detect and mitigate potential threats with higher accuracy.
There is no additional cost for using this feature, however standard AWS WAF charges still apply. For more information about pricing, visit the AWS WAF Pricing page. This feature is now available in all AWS regions where WAF is supported, except the China (Beijing) and China (Ningxia) Regions. To learn more, see the AWS WAF developer guide. For more information about the service, visit the AWS WAF page.
Source:: Amazon AWS